WARNING: CRITICAL OUT-OF-BOUNDS WRITE VULNERABILITY IN PHP, PATCH IMMEDIATELY!
CVE-2024-11236: CVSS: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Sources
GitHub advisory: https://github.com/php/php-src/security/advisories/GHSA-5hqh-c84r-qjcv
GitHub advisory: https://github.com/php/php-src/security/advisories/GHSA-g665-fm4p-vhff
Risks
PHP is a scripting language that is widely used to make interactive Web pages.
PHP before versions 8.1.31, 8.2.26 and 8.3.14 contains a critical integer overflow vulnerability that can result in out-of-bounds writes, meaning that input can be written to memory outside the buffer reserved for it. This has a high impact on confidentiality, integrity and availability, as OOB writes can have a significant impact.
Description
PDO_FIREBIRD and PDO_DBLIB are drivers that implement the PDO (PHP Data Objects) interface to give PHP access to the Firebird database and to Microsoft SQL Server/Sybase databases respectively. In these components the ZSTR_MAX_LEN limit can be exceeded, resulting in an integer overflow that can eventually lead to out-of-bounds (OOB) writes.
Recommended actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
The vulnerability is patched in versions 8.1.31, 8.2.26, 8.3.14 and above.
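As an added triage helper that is not part of this advisory or of php-src, the following POSIX shell script classifies a host from the PHP version and module list it reports, using the fixed releases above and the two affected PDO drivers; the function names `php_status` and `php_exposure` and the sample values are assumptions.

```shell
# Added triage helper for CVE-2024-11236; not part of the CCB advisory or of php-src.
# Fixed releases per branch, from the advisory: 8.1.31, 8.2.26, 8.3.14 "and above".
# fixed_patch MAJOR.MINOR -> patch level that carries the fix, empty if the branch is not listed
fixed_patch() {
    case "$1" in
        8.1) echo 31 ;;
        8.2) echo 26 ;;
        8.3) echo 14 ;;
        *)   echo "" ;;
    esac
}

# php_status VERSION -> prints "patched" or "vulnerable"
# VERSION as printed by `php -r 'echo PHP_VERSION;'`; "-suffix" and RC tags are ignored.
php_status() {
    ver=${1%%-*}
    major=${ver%%.*}; rest=${ver#*.}; minor=${rest%%.*}
    case $rest in *.*) patch=${rest#*.} ;; *) patch=0 ;; esac
    patch=${patch%%[!0-9]*}                      # "0RC1" -> "0"
    major=${major:-0}; minor=${minor:-0}; patch=${patch:-0}
    fix=$(fixed_patch "$major.$minor")
    if [ -n "$fix" ]; then
        # Branch listed in the advisory: compare the patch level with the fixed one.
        [ "$patch" -ge "$fix" ] && echo patched || echo vulnerable
    elif [ "$major" -gt 8 ] || { [ "$major" -eq 8 ] && [ "$minor" -gt 3 ]; }; then
        echo patched        # newer branch than any listed: covered by "and above"
    else
        echo vulnerable     # older than 8.1: predates every fixed release
    fi
}

# php_exposure VERSION MODULES -> "patched", "vulnerable" or "unpatched-driver-absent"
# MODULES is the output of `php -m`. The flaw sits in the PDO_FIREBIRD and PDO_DBLIB drivers,
# so the third value marks unpatched hosts without either driver: still update them, but first.
php_exposure() {
    if [ "$(php_status "$1")" = patched ]; then
        echo patched
    elif printf '%s\n' "$2" | grep -qiE '^(pdo_firebird|pdo_dblib)$'; then
        echo vulnerable
    else
        echo unpatched-driver-absent
    fi
}

# Constructed sample inputs standing in for `php -r 'echo PHP_VERSION;'` and `php -m`.
SAMPLE_VERSION="8.2.25"
SAMPLE_MODULES="Core
PDO
pdo_dblib
pdo_mysql"
php_exposure "$SAMPLE_VERSION" "$SAMPLE_MODULES"    # -> vulnerable
```

On a live host, replace the sample values with the real command output, e.g. `php_exposure "$(php -r 'echo PHP_VERSION;')" "$(php -m)"`.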
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/en/cert/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
References
PHP Security Bulletin 8.1.31: https://www.php.net/ChangeLog-8.php#8.1.31
PHP Security Bulletin 8.2.26: https://www.php.net/ChangeLog-8.php#8.2.26
PHP Security Bulletin 8.3.14: https://www.php.net/ChangeLog-8.php#8.3.14